Reset of default domain policy/internet explorer maintenance settings

Aspall IT 436 Reputation points
2021-11-18T10:35:20.49+00:00

Hello,

I have taken over an existing Active Directory domain at my company.
I am doing a tidy and consolidation of group policy objects, and one of the ones I want to sort is the default domain policy.

The policy has had Internet Explorer Maintenance settings applied, but because our domain controllers are all 2016 and above, and all our clients are Windows 10, I have nothing that is able to see those settings for me to clear out of the policy.

I toyed with the idea of manually recreating the policy, however one of the default settings in the domain policy looks to be a encrypting file system certificate, which I don't know how to manually recreate in a new policy.

I assume my options are;

  1. Deploy a Windows 7 or 2012 client to manage these settings
  2. Use the gpo fix tool to restore the default policy?

Not sure what the best course of action here is?

Many thanks
James

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Client for IT Pros | User experience | Other
0 comments No comments
{count} votes

Accepted answer
  1. Clément BETACORNE 2,496 Reputation points
    2021-11-26T15:07:43.34+00:00

    Hello,

    Finally I have tested this solution and it seems to work. I created a new 2008R2 server without any patches to have the oldest version of IE and from this server I edited a GPO and I got the Internet Explorer Maintenance even if I have the central store :
    152918-image.png

    Regards,

    1 person found this answer helpful.

3 additional answers

Sort by: Most helpful
  1. Gary Reynolds 9,621 Reputation points
    2021-11-18T10:46:32.66+00:00

    Hi,

    Have look at this option, https://nettools.net/gpo-explorer/, I haven't used it to look at the ie maintenance settings before, but as it shows the raw data in the policies it might be able to show you what is in policy.

    Gary.

    1 person found this answer helpful.

  2. Clément BETACORNE 2,496 Reputation points
    2021-11-18T12:49:28.337+00:00

    Hello,

    One option like you describe can be to use a Windows 7 or Windows Server 2012 to edit your GPO but it will not work if you have the central store in place

    Cheers,


  3. Limitless Technology 39,926 Reputation points
    2021-11-22T08:47:11.073+00:00

    Hi there,

    Here is a step to reset default domain policy.

    1. Log on as a domain administrator to a DC.
    2. Start a command session.
    3. To reset the Domain GPO, type
      dcgpofix /target:Domain
      To reset the Default DC GPO, type
      dcgpofix /target:DC
      To reset both the Domain and Default DC GPOs, type
      dcgpofix /target:both
      4.After you enter the appropriate command in Step 3, enter Y to both prompts.
    4. Close the command window.

    Here is a link as well to help you out https://social.technet.microsoft.com/Forums/windowsserver/en-US/e8a7c194-d3bf-4e1c-857c-7f779cc86705/how-to-reset-default-domain-policy?forum=winserverDS


    --If the reply is helpful, please Upvote and Accept it as an answer--


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.